PEM Trust Model

• The PEM certification infrastructure never came to life on a large scale for a number of reasons, amongst them- inherent deficiencies in the underlying X.509v1 - strict hierarchic structure doesn’t match reality- Existing naming schemes were difficult to integrate- X.509v1 is identity-based; need also role-based or attribute-based (for access control) certification- more flexibility is needed

• Probably some mixture of “hierarchy” and “web of trust” is needed

Previous slide

Next slide

Back to first slide

View graphic version